LinuxQuestions.org

dwarf007 01-17-2007 12:34 AM

syslog server receives logs from remote device
 
Does anyone know how to configure a syslog server to receive logs from a remote device?

I have 1 wireless router gateway which has an option to store its logs on a syslog server.
I already configured the device to point to my syslog server's IP address.


I believe I need to edit the syslog.conf file.
I already added 1 line at the bottom of the syslog.conf file.

Code:

???                        /var/log/routergateway.log

What info should I put in the "???" in order to make the syslog server receive logs from the wireless router gateway?

What steps do I need to take on the syslog server in order to receive all the logs from my wireless router gateway?

I would appreciate it if anyone could help me.
Thank You…..

unSpawn 01-17-2007 05:17 AM

See for instance http://www.linuxhomenetworking.com/linux-hn/logging.htm.

Some notes to go with that:
On the host that *receives* logs:
- check if you need to separate logs by IP or name or use TCP instead of UDP (replace Syslogd with Syslog-NG or RSyslog),
- check if you need more secure logging over SSL (install Stunnel on both sides),
- check 'man syslogd' for needing '-l' or '-s',
- check your firewall contains an appropriate line for host(s) allowed access to syslogd ('getent services syslog'),
- check your /etc/hosts.deny contains the 'ALL: ALL' line if you need strict access controls,
- check your /etc/hosts.allow contains an appropriate line for host(s) allowed access to syslogd.

On the host that *sends* logs:
- check your firewall contains an appropriate line for outbound access to the syslogd host,
- use 'logger' with an appropriate facility + priority combo to generate a test message or wait aeons for one to show up on the loghost.
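
Added example, not part of any post in this thread: a minimal Python sketch of what the receiving side does with each UDP syslog datagram. The selector field in syslog.conf matches the facility.priority pair that the sender encodes in the `<PRI>` prefix, while keeping one device's logs in their own file means filtering on the source address. The router address 192.0.2.1, the function names and the sample datagrams are assumptions constructed for illustration.

```python
import re
import socket

ROUTER_IP = "192.0.2.1"                    # assumed placeholder, not from the thread
ROUTER_LOG = "/var/log/routergateway.log"  # log path named in the thread
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Split b'<PRI>rest' into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # 191 = local7.debug, the highest PRI
        return None
    pri = int(m.group(1))                   # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], datagram[m.end():]

def route(src_ip, datagram, allowed=(ROUTER_IP,)):
    """Return the line to append to ROUTER_LOG, or None to drop the datagram."""
    if src_ip not in allowed:               # UDP syslog is unauthenticated
        return None
    decoded = decode_pri(datagram)
    if decoded is None:
        return None
    facility, severity, rest = decoded
    text = rest.decode("utf-8", "replace").strip()
    # Replace control characters so an embedded newline cannot forge a log entry.
    text = "".join(ch if ch.isprintable() else " " for ch in text)
    return f"{src_ip} {facility}.{severity} {text}"

def serve(bind_addr="0.0.0.0", port=514):   # port 514 needs root to bind
    """Receive UDP syslog and append accepted lines to ROUTER_LOG."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    with open(ROUTER_LOG, "a") as log:
        while True:
            data, (src_ip, _port) = sock.recvfrom(4096)
            line = route(src_ip, data)
            if line is not None:
                print(line, file=log, flush=True)

# Constructed sample datagrams: (source address, payload).
SAMPLES = [
    ("192.0.2.1", b"<134>Jan 17 00:34:01 gateway fw: DROP IN=eth1\n"),
    ("203.0.113.9", b"<134>Jan 17 00:34:02 gateway fw: spoofed entry"),
    ("192.0.2.1", b"<30>dhcpd: lease renewed\n<0>forged kernel panic"),
]
```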

dwarf007 01-19-2007 10:50 PM

There is no firewall in between. The remote device is the gateway of my syslog. It should manage to push all the logs to the syslog server.

I believe the syslog server has to know which remote device (IP address) the logs are collected from.

I need to log all logs from the remote device in the log file below.

/var/log/routergateway.log

Can anyone give me some ideas?
I would appreciate it if someone could help.

macnanc 01-24-2007 07:49 AM

Try starting the syslogd server on the remote device with the "-r" option.
/sbin/syslogd -r

In your syslog.conf, put
*.* /var/log/routergateway.log


All times are GMT -5.